Mangelnde Rechteprüfung in PulseAudio
ID: | USN-4355-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.10, Ubuntu 20.04 LTS |
Datum: | Mi, 13. Mai 2020, 07:42 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11931 |
Applikationen: | PulseAudio |
Originalnachricht |
|
--===============0674810119788106717== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="dLXnlYbDJNCwF3YM" Content-Disposition: inline --dLXnlYbDJNCwF3YM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-4355-1 May 12, 2020 pulseaudio vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: PulseAudio could allow unintended access to snap packages. Software Description: - pulseaudio: PulseAudio sound server Details: PulseAudio in Ubuntu contains additional functionality to mediate audio recording for snap packages and it was discovered that this functionality did not mediate PulseAudio module unloading. An attacker-controlled snap with only the audio-playback interface connected could exploit this to bypass access controls and record audio. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: pulseaudio 1:13.99.1-1ubuntu3.2 Ubuntu 19.10: pulseaudio 1:13.0-1ubuntu1.2 Ubuntu 18.04 LTS: pulseaudio 1:11.1-1ubuntu7.7 Ubuntu 16.04 LTS: pulseaudio 1:8.0-0ubuntu3.12 After a standard system update you need to restart your session to make all the necessary changes. References: https://usn.ubuntu.com/4355-1 CVE-2020-11931, https://launchpad.net/bugs/1877102 Package Information: https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.1-1ubuntu3.2 https://launchpad.net/ubuntu/+source/pulseaudio/1:13.0-1ubuntu1.2 https://launchpad.net/ubuntu/+source/pulseaudio/1:11.1-1ubuntu7.7 https://launchpad.net/ubuntu/+source/pulseaudio/1:8.0-0ubuntu3.12 --dLXnlYbDJNCwF3YM Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEETCDAa12L3miIVNKKUdvcWMxVlXMFAl668sUACgkQUdvcWMxV lXPLhg//RtllA3Q744oo1fODslVHnYPwPJ1q8u04VutEP1Sqycwv4n5fje3FVJ3z 9WgXhY3RaLXLINh+CCOWwJX2H2+uMs2FN499iFmkF+cKAtAsjXZlw7c/+/7iELsp v6gyjWHhdzpqDZvlNQVNvh9W8De57CV4zjQZhtbLu+PdB/mNIURj+tJHYlxDxP3O mKZl1LnzB+6au4MaFUXQm1eKcOnGNjlUg/0TrDWSWEd74Y3IRk17zGcx6c1Y5WcY Z7bDPRxOyhdHhei+3UEFPlBCszn9XsqqMr1fOtuIH5ScX9NdxUk6AJwyjqe9VfpC UixLUDqSIHNOeq85aiJxh9sy/Lo7Fyog7tx7aMRfTfGUp11jHGRMegS+8sYKjABJ 3ghjEbCsdsy7Clh2XyW3tGQMPtWkObyby5nZxl9kYHIHNaFk9uzBFkSZ3Ivhsse7 9/clJ6D5/Ua07iw5xxYo3OZM3Q26Zn6rZmFYK6Zhv+vDWgxs4B5KVgXBfz1SWbsQ dHo4iPt1dZj6Fw6mv74FEIuqpwq3uflTiLJHnmuRwCZY1pOMTsHm69AEbphIg25l wOwDS5Q7jNHu/fbxpOjgyK300tiGC3kfT58JHN5KgBYyTezbViQGhjZLKZAuEpFQ 6QBjtGqZmIwHZiazhNDM7zPq3xJzVZQGkGWbTC8VZCbBVMqjCrA= =yCz8 -----END PGP SIGNATURE----- --dLXnlYbDJNCwF3YM-- --===============0674810119788106717== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce |